Mercurial > lada > lada-server
comparison src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java @ 548:95a48e1f1a26 openid
Fix return_url handling and send params to client in header
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Fri, 27 Feb 2015 17:23:05 +0100 |
| parents | f9f1edd30b33 |
| children | fff43091ccc9 |
comparison
equal
deleted
inserted
replaced
| 547:f9f1edd30b33 | 548:95a48e1f1a26 |
|---|---|
| 164 HttpServletRequest hReq = (HttpServletRequest) req; | 164 HttpServletRequest hReq = (HttpServletRequest) req; |
| 165 /* First check if the header is provided at all */ | 165 /* First check if the header is provided at all */ |
| 166 String oidParamString = hReq.getHeader(oidHeader); | 166 String oidParamString = hReq.getHeader(oidHeader); |
| 167 | 167 |
| 168 if (oidParamString == null) { | 168 if (oidParamString == null) { |
| 169 logger.debug("Header " + oidHeader + " not provided."); | 169 logger.debug("Header " + oidHeader + " not provided. Trying params."); |
| 170 } else { | |
| 171 logger.debug("Trying to verify query."); | |
| 172 oidParamString = hReq.getQueryString(); | 170 oidParamString = hReq.getQueryString(); |
| 173 } | 171 } |
| 174 | 172 |
| 175 /* Parse the parameters to a map for openid4j */ | 173 /* Parse the parameters to a map for openid4j */ |
| 176 ParameterList oidParams = splitParams(oidParamString); | 174 ParameterList oidParams = splitParams(oidParamString); |
| 179 } | 177 } |
| 180 | 178 |
| 181 /* Verify against the discovered server. */ | 179 /* Verify against the discovered server. */ |
| 182 VerificationResult verification = null; | 180 VerificationResult verification = null; |
| 183 /* extract the receiving URL from the HTTP request */ | 181 /* extract the receiving URL from the HTTP request */ |
| 184 StringBuffer receivingURL = hReq.getRequestURL(); | 182 String receivingURL = hReq.getRequestURL().toString(); |
| 185 String queryString = hReq.getQueryString(); | 183 |
| 186 if (queryString != null && queryString.length() > 0) | 184 if (!receivingURL.contains("?is_return=true&")) { |
| 187 receivingURL.append("?").append(hReq.getQueryString()); | 185 receivingURL += "?is_return=true&"; |
| 186 } | |
| 187 /* XXX this is broken and does not work as that information only | |
| 188 * authenticates this Return url and not any other URL. We have | |
| 189 * to change this. */ | |
| 190 receivingURL.replace("localhost", "127.0.0.1"); | |
| 188 | 191 |
| 189 try { | 192 try { |
| 190 verification = manager.verify(receivingURL.toString(), oidParams, | 193 verification = manager.verify(receivingURL.toString(), oidParams, |
| 191 discovered); | 194 discovered); |
| 192 } catch (MessageException e) { | 195 } catch (MessageException e) { |
| 250 | 253 |
| 251 @Override | 254 @Override |
| 252 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) | 255 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) |
| 253 throws IOException, ServletException | 256 throws IOException, ServletException |
| 254 { | 257 { |
| 258 HttpServletRequest hReq = (HttpServletRequest) req; | |
| 259 HttpServletResponse hResp = (HttpServletResponse) resp; | |
| 255 if (!discoveryDone) { | 260 if (!discoveryDone) { |
| 256 discoveryDone = discoverServer(); | 261 discoveryDone = discoverServer(); |
| 257 } | 262 } |
| 258 if (discoveryDone && checkOpenIDHeader(req)) { | 263 if (discoveryDone && checkOpenIDHeader(req)) { |
| 259 /** Successfully authenticated. */ | 264 /** Successfully authenticated. */ |
| 265 hResp.addHeader(oidHeader, hReq.getQueryString().replace( | |
| 266 "is_return=true","")); | |
| 260 chain.doFilter(req, resp); | 267 chain.doFilter(req, resp); |
| 261 return; | 268 return; |
| 262 } | 269 } |
| 263 String authRequestURL = "Error communicating with openid server"; | 270 String authRequestURL = "Error communicating with openid server"; |
| 264 if (discoveryDone) { | 271 if (discoveryDone) { |
| 265 /* Get the authentication url for this server. */ | 272 /* Get the authentication url for this server. */ |
| 266 try { | 273 try { |
| 267 HttpServletRequest hReq = (HttpServletRequest) req; | |
| 268 String returnToUrl = hReq.getRequestURL().toString() | 274 String returnToUrl = hReq.getRequestURL().toString() |
| 269 + "?is_return=true"; | 275 + "?is_return=true"; |
| 270 AuthRequest authReq = manager.authenticate(discovered, | 276 AuthRequest authReq = manager.authenticate(discovered, |
| 271 returnToUrl); | 277 returnToUrl); |
| 272 authRequestURL = authReq.getDestinationUrl(true); | 278 authRequestURL = authReq.getDestinationUrl(true); |
| 276 } catch (ConsumerException e) { | 282 } catch (ConsumerException e) { |
| 277 logger.debug("Error in consumer manager: " + | 283 logger.debug("Error in consumer manager: " + |
| 278 e.getMessage()); | 284 e.getMessage()); |
| 279 } | 285 } |
| 280 } | 286 } |
| 281 ((HttpServletResponse) resp).sendError(401, "{\"success\":false,\"message\":\"699\",\"data\":" + | 287 hResp.sendError(401, "{\"success\":false,\"message\":\"699\",\"data\":" + |
| 282 "\"" + authRequestURL + "\",\"errors\":{},\"warnings\":{}," + | 288 "\"" + authRequestURL + "\",\"errors\":{},\"warnings\":{}," + |
| 283 "\"readonly\":false,\"totalCount\":0}"); | 289 "\"readonly\":false,\"totalCount\":0}"); |
| 284 } | 290 } |
| 285 @Override | 291 @Override |
| 286 public void destroy() | 292 public void destroy() |